<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request as HttpRequest;
use Mockery\Exception;

class DefaultController extends BaseController
{

    public function __construct()
    {

        $this->view = ['activeFirst' => 'default', 'activeSecond' => 'index'];
        
    }

    public function index(HttpRequest $request)
    {

        return view('default.index', $this->view);
    }

    public function upload(HttpRequest $request)
    {

        header('Content-Type: text/plain; charset=utf-8');

        $code = 200;

        $data = [];

        try {

            // Undefined | Multiple Files | $_FILES Corruption Attack
            // If this request falls under any of them, treat it invalid.
            if (
                !isset($_FILES['upfile']['error']) ||
                is_array($_FILES['upfile']['error'])
            ) {
                throw new \RuntimeException('Invalid parameters.');
            }

            // Check $_FILES['upfile']['error'] value.
            switch ($_FILES['upfile']['error']) {
                case UPLOAD_ERR_OK:
                    break;
                case UPLOAD_ERR_NO_FILE:
                    throw new \RuntimeException('No file sent.');
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                    throw new \RuntimeException('Exceeded filesize limit.');
                default:
                    throw new \RuntimeException('Unknown errors.');
            }

            // You should also check filesize here.file size must <= 2M
            if ($_FILES['upfile']['size'] > 2097152) {
                throw new \RuntimeException('Exceeded filesize limit.');
            }

            // DO NOT TRUST $_FILES['upfile']['mime'] VALUE !!
            // Check MIME Type by yourself.
            $finfo = new \finfo(FILEINFO_MIME_TYPE);

            if (false === $ext = array_search(
                    $finfo->file($_FILES['upfile']['tmp_name']),
                    array(
                        'jpg' => 'image/jpeg',
                        'png' => 'image/png',
                        'gif' => 'image/gif',
                    ),
                    true
                )) {
                throw new \RuntimeException('Invalid file format.');
            }

            // You should name it uniquely.
            // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
            // On this example, obtain safe unique name from its binary data.
            $fileName = sprintf('pictures/%s.%s',
                sha1_file($_FILES['upfile']['tmp_name']),
                $ext
            );

            if (!move_uploaded_file(
                $_FILES['upfile']['tmp_name'],
                $fileName
            )) {
                throw new \RuntimeException('Failed to move uploaded file.');
            }

            $message = 'File is uploaded successfully.';


        } catch (\RuntimeException $e) {

            $code = 404;

            $message = $e->getMessage();

        }

        if ($code === 200) {

            return [
                'file' => $fileName,
                'message' => $message
            ];
        }

        return [
            [],
            $code,
            $message
        ];

    }
}

